Apologies as this is my first day trying out Auth0 and I must be doing something fairly silly. My issue is that I can’t get a token for a user based on their username/password .
What I did:

Created a new database connection MyDB.

Created a new user henry.green@erewhon.com, gave them a password HelloWorld and assigned them to that database connection.

Created a new API Test Auth0 API

Created a web app client My Appand ensured the Password grant type was set. Also ensured MyDb was one of its connections.

From javascript (node.js) I then issue the following call (AUTH0_DOMAIN is my Auth0 assigned domain, AUTH0_CLIENT_ID and AUTH0_CLIENT_SECRET are set from MyApp’s config, and AUTH0_AUDIENCE is set from my test API’s config):

OK - I solved the riddle, and the solution if anyone else gets stuck with this is as follows - when you run the Getting Started tutorial, one of the steps involves setting up a rule based on email domain whitelists. What I hadn’t realised was that the rule was still active; since my new user’s email domain didn’t conform to that whitelist domain the rule was causing the “Access Denied” error to be returned to my token request.

Suggestion amend the error message used in the *Email domain whitelist’ rule to something a bit more obvious e.g. Access denied - email domain not supported. That would’ve saved me a few hours tracking down my silly mistake.